can you fix this CVEs?
cve-2015-5722
cve-2015-5986
https://kb.isc.org/article/AA-00913/74/ ... atrix.html
https://kb.isc.org/article/AA-01287/74/ ... fer.c.html
https://rhn.redhat.com/errata/RHSA-2015-1706.html
https://rhn.redhat.com/errata/RHSA-2015-1707.html
cve-2015-5722 AND cve-2015-5986
Re: cve-2015-5722 AND cve-2015-5986
If RH has built them and released them via RHSA announcements then they will be rebuilt by CentOS and released in due course. The packages you're looking at were only released by RH at 04:00 this morning.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Re: cve-2015-5722 AND cve-2015-5986
hello,
is the bind fix CVE-2015-5986 released now? in fast track?
thanks alot.
is the bind fix CVE-2015-5986 released now? in fast track?
thanks alot.
Re: cve-2015-5722 AND cve-2015-5986
Code: Select all
# rpm -q bind --changelog | grep -e CVE-2015-5722 -e CVE-2015-5986
- Apply previously not applied patch for CVE-2015-5722
- Fix CVE-2015-5722
# rpm -q bind
bind-9.8.2-0.37.rc1.el6_7.4.x86_64
As for CVE-2015-5986, the bind packages as shipped by Red Hat and CentOS are not vulnerable and thus do not need patching for this flaw.
No, important security updates are unlikely to be published in the fasttrack repository. Please read the upstream description of the channel.